gozi | a165070adc80da2b3081a938feeee689554eee212486cddd58a29870b4baabe0 | Triage

Sharing

General

Target

a165070adc80da2b3081a938feeee689554eee212486cddd58a29870b4baabe0
Size

3.8MB
Sample

240524-ecl43sbh97
MD5

05612ea40457810288d8a6c2fef7f0cf
SHA1

9151ce2aef44d31061f9019ae1574d8e3cf61aef
SHA256

a165070adc80da2b3081a938feeee689554eee212486cddd58a29870b4baabe0
SHA512

d6d7ddfa53dbd844412a29fc82b4f3990b5ab023cd8d72e7754b0a69a8392f493e0dcde429ab4a0e3f722b41c8aab28e2b7b2d02335148914d2c165a8bfb71e7
SSDEEP

98304:KEjlmQbfgSgwvSnN4iVJui0xdRoM5XBHsdqe:KEjgQPXqOvWdqe

Score

10^/10

gozi bootkit isfb persistence

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  a165070adc80da2b3081a938feeee689554eee212486cddd58a29870b4baabe0
- Size
  
  3.8MB
- MD5
  
  05612ea40457810288d8a6c2fef7f0cf
- SHA1
  
  9151ce2aef44d31061f9019ae1574d8e3cf61aef
- SHA256
  
  a165070adc80da2b3081a938feeee689554eee212486cddd58a29870b4baabe0
- SHA512
  
  d6d7ddfa53dbd844412a29fc82b4f3990b5ab023cd8d72e7754b0a69a8392f493e0dcde429ab4a0e3f722b41c8aab28e2b7b2d02335148914d2c165a8bfb71e7
- SSDEEP
  
  98304:KEjlmQbfgSgwvSnN4iVJui0xdRoM5XBHsdqe:KEjgQPXqOvWdqe
Score

7^/10

bootkit persistence
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence